Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Issue] azd up fails first time on todo-nodejs-mongo-aca #3157

Closed
1 task
Tracked by #3110
dfberry opened this issue Dec 21, 2023 · 8 comments · Fixed by #3178
Closed
1 task
Tracked by #3110

[Issue] azd up fails first time on todo-nodejs-mongo-aca #3157

dfberry opened this issue Dec 21, 2023 · 8 comments · Fixed by #3178
Labels
aca Azure Container Apps authn bug Something isn't working customer-reported identify a customer issue needs-team-attention Issues out of a milestone question
Milestone
Backlog

Comments

@dfberry
Copy link

dfberry commented Dec 21, 2023

Output from azd version
Run azd version and copy and paste the output here: azd version 1.5.0 (commit 012ae73)

Describe the bug
Initial deploy fails - output at bottom of this issue.

To Reproduce

  1. Clone to local mac m1
  2. Open Dev Container
  3. azd auth login
  4. azd up

Expected behavior
Success on first azd up

Environment
Information on your environment:
* Language name and version
* IDE and version : [e.g. Visual Studio 16.3]

Additional context

node ➜ /workspaces/todo-nodejs-mongo-aca (main) $ azd up
? Enter a new environment name: dfberry-todo-nodejs-mongo-azd
  (✓) Done: Downloading Bicep
? Select an Azure Subscription to use:  3. Visual Studio Enterprise Subscription (b57b253a-e19e-4a9c-a0c0-a5062910a749)
  (✓) Done: Retrieving locations...
? Select an Azure location to use: 43. (US) East US 2 (eastus2)
  (✓) Done: Retrieving locations...

Packaging services (azd package)

  (✓) Done: Packaging service api
  - Image Hash: sha256:4832bd12bb93a6e49c3f0f3735181fd437f19f59b932a36ca37bc517dfdeb8a4
  - Image Tag: todo-nodejs-mongo-aca/api-dfberry-todo-nodejs-mongo-azd:azd-deploy-1703174853

  (✓) Done: Packaging service web
  - Image Hash: sha256:8c98e9f560f1a5fc9c8b7856b4d6b1d521959bf21ab36c322a90414a84f8aa3b
  - Image Tag: todo-nodejs-mongo-aca/web-dfberry-todo-nodejs-mongo-azd:azd-deploy-1703174923

Provisioning Azure resources (azd provision)
Provisioning Azure resources can take some time.

Subscription: Visual Studio Enterprise Subscription (b57b253a-e19e-4a9c-a0c0-a5062910a749)
Location: East US 2

  You can view detailed progress in the Azure Portal:
  https://portal.azure.com/#view/HubsExtension/DeploymentDetailsBlade/~/overview/id/%2Fsubscriptions%2Fb57b253a-e19e-4a9c-a0c0-a5062910a749%2Fproviders%2FMicrosoft.Resources%2Fdeployments%2Fdfberry-todo-nodejs-mongo-azd-1703174930

  (✓) Done: Resource group: rg-dfberry-todo-nodejs-mongo-azd
  (✓) Done: Log Analytics workspace: log-gvgc3iyhqkxo6
  (✓) Done: Key Vault: kv-gvgc3iyhqkxo6
  (✓) Done: Application Insights: appi-gvgc3iyhqkxo6
  (✓) Done: Portal dashboard: dash-gvgc3iyhqkxo6
  (✓) Done: Container Registry: crgvgc3iyhqkxo6
  (✓) Done: Container Apps Environment: cae-gvgc3iyhqkxo6
  (✓) Done: Azure Cosmos DB: cosmos-gvgc3iyhqkxo6
  (✓) Done: Container App: ca-api-gvgc3iyhqkxo6
  (✓) Done: Container App: ca-web-gvgc3iyhqkxo6


Deploying services (azd deploy)

  (x) Failed: Deploying service api

ERROR: failed deploying service 'api': failing invoking action 'deploy', failed logging into container registry, token: failed getting ACR token: POST https://crgvgc3iyhqkxo6.azurecr.io/oauth2/exchange
--------------------------------------------------------------------------------
RESPONSE 401: 401 Unauthorized
ERROR CODE UNAVAILABLE
--------------------------------------------------------------------------------
Response contained no body
--------------------------------------------------------------------------------
, admin: getting container registry credentials: POST https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/resourceGroups/rg-dfberry-todo-nodejs-mongo-azd/providers/Microsoft.ContainerRegistry/registries/crgvgc3iyhqkxo6/listCredentials
--------------------------------------------------------------------------------
RESPONSE 400: 400 Bad Request
ERROR CODE: UnAuthorizedForCredentialOperations
--------------------------------------------------------------------------------
{
  "error": {
    "code": "UnAuthorizedForCredentialOperations",
    "message": "Cannot perform credential operations for /subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/resourceGroups/rg-dfberry-todo-nodejs-mongo-azd/providers/Microsoft.ContainerRegistry/registries/crgvgc3iyhqkxo6 as admin user is disabled. Kindly enable admin user as per docs: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication#admin-account"
  },
  "status": "Failed"
}
--------------------------------------------------------------------------------

TraceID: 454b5df6ba06950da417063dcea50497
WARNING: your version of azd is out of date, you have 1.5.0 and the latest version is 1.5.1

To update to the latest version, run:
curl -fsSL https://aka.ms/install-azd.sh | bash

If the install script was run with custom parameters, ensure that the same parameters are used for the upgrade. For advanced install instructions, see: https://aka.ms/azd/upgrade/linux
@dfberry
Copy link
Author

dfberry commented Dec 21, 2023
edited

The python version fails to deploy too.

vscode ➜ /workspaces/todo-python-mongo-aca (main) $ azd up
? Enter a new environment name: dfberry-py-container-todo
  (✓) Done: Downloading Bicep
? Select an Azure Subscription to use:  3. Visual Studio Enterprise Subscription (b57b253a-e19e-4a9c-a0c0-a5062910a749)
? Select an Azure location to use: 43. (US) East US 2 (eastus2)

Packaging services (azd package)

  (✓) Done: Packaging service api
  - Image Hash: sha256:74e60ce2259170c99bd5cae77d7d9435c31dcf64ddc294d8941cf568fa09277c
  - Image Tag: todo-python-mongo-aca/api-dfberry-py-container-todo:azd-deploy-1703184652

  (✓) Done: Packaging service web
  - Image Hash: sha256:2b01b1d57bda2d2c733675d75bb029d21ee25da5e278c5e77d7aae436d3b3395
  - Image Tag: todo-python-mongo-aca/web-dfberry-py-container-todo:azd-deploy-1703184724

Provisioning Azure resources (azd provision)
Provisioning Azure resources can take some time.

Subscription: Visual Studio Enterprise Subscription (b57b253a-e19e-4a9c-a0c0-a5062910a749)
Location: East US 2

  You can view detailed progress in the Azure Portal:
  https://portal.azure.com/#view/HubsExtension/DeploymentDetailsBlade/~/overview/id/%2Fsubscriptions%2Fb57b253a-e19e-4a9c-a0c0-a5062910a749%2Fproviders%2FMicrosoft.Resources%2Fdeployments%2Fdfberry-py-container-todo-1703184730

  (✓) Done: Resource group: rg-dfberry-py-container-todo
  (✓) Done: Log Analytics workspace: log-bz6tp6txpifo6
  (✓) Done: Key Vault: kv-bz6tp6txpifo6
  (✓) Done: Application Insights: appi-bz6tp6txpifo6
  (✓) Done: Portal dashboard: dash-bz6tp6txpifo6
  (✓) Done: Container Registry: crbz6tp6txpifo6
  (✓) Done: Container Apps Environment: cae-bz6tp6txpifo6
  (✓) Done: Azure Cosmos DB: cosmos-bz6tp6txpifo6
  (✓) Done: Container App: ca-api-bz6tp6txpifo6
  (✓) Done: Container App: ca-web-bz6tp6txpifo6


Deploying services (azd deploy)

  (x) Failed: Deploying service api

ERROR: failed deploying service 'api': failing invoking action 'deploy', failed logging into container registry, token: failed getting ACR token: POST https://crbz6tp6txpifo6.azurecr.io/oauth2/exchange
--------------------------------------------------------------------------------
RESPONSE 401: 401 Unauthorized
ERROR CODE UNAVAILABLE
--------------------------------------------------------------------------------
Response contained no body
--------------------------------------------------------------------------------
, admin: admin user is not enabled for container registry 'crbz6tp6txpifo6'
TraceID: 6d4382cf3c9f28f76481e3ec8da03e5f

azd version: azd version 1.5.1 (commit 3856d1e)

image

@dfberry
Copy link
Author

dfberry commented Dec 21, 2023
edited

Updating Node.js dev container to azd 1.5.1 as suggested.

image

@vhvb1989
Copy link
Member

related to: #2980

@dfberry
Copy link
Author

dfberry commented Dec 21, 2023
edited

Node.js as per request

image

2023/12/21 23:47:39 main.go:54: azd version: 1.5.1 (commit 3856d1e98281683b8d112e222c0a7c7b3e148e96)
2023/12/21 23:47:39 main.go:208: using cached latest version: 1.5.1 (expires on: 2023-12-22T16:05:33Z)
2023/12/21 23:47:39 project.go:113: Reading project from file '/workspaces/todo-nodejs-mongo-aca/azure.yaml'
2023/12/21 23:47:39 cobra_builder.go:141: Resolved action 'azd-deploy-action'
2023/12/21 23:47:39 middleware.go:124: running middleware 'debug'
2023/12/21 23:47:39 middleware.go:124: running middleware 'experimentation'
2023/12/21 23:47:39 experimentation.go:42: assignment context: initflow_c:78272;0g5ad841:76970;
2023/12/21 23:47:39 middleware.go:124: running middleware 'telemetry'
2023/12/21 23:47:39 telemetry.go:50: TraceID: 9f74fbcbd2579a2c20cfd9149d9a7d94
2023/12/21 23:47:39 middleware.go:124: running middleware 'hooks'
2023/12/21 23:47:39 hooks.go:156: service 'api' does not require any command hooks.
2023/12/21 23:47:39 hooks.go:156: service 'web' does not require any command hooks.
2023/12/21 23:47:39 hooks.go:85: azd project is not available or does not contain any command hooks, skipping command hook registrations.
2023/12/21 23:47:39 command_runner.go:307: Run exec: 'docker --version' , exit code: 0
-------------------------------------stdout-------------------------------------------
Docker version 24.0.7-1, build afdd53b4e341be38d2056a42113b938559bb1d94
2023/12/21 23:47:39 docker.go:260: docker version: Docker version 24.0.7-1, build afdd53b4e341be38d2056a42113b938559bb1d94
2023/12/21 23:47:39 docker.go:191: determining version from docker --version string: Docker version 24.0.7-1, build afdd53b4e341be38d2056a42113b938559bb1d94
2023/12/21 23:47:39 docker.go:203: extracted docker version: 24.0.7-1, build: afdd53b4e341be38d2056a42113b938559bb1d94 from version string
2023/12/21 23:47:39 ensure.go:47: Skipping install check for 'Docker'. It was previously confirmed.

Deploying services (azd deploy)

  |       | Deploying service api2023/12/21 23:47:39 framework_service_docker.go:174: building image for service api, cwd: /workspaces/todo-nodejs-mongo-aca/src/api, path: ./Dockerfile, context: ., buildArgs: [])
  Deploying service api (Building Docker image)

  ───────── Docker Output ───────────────────────────────────────────────────────────────────────────────────

  #9 [5/5] RUN npm run build
  #9 CACHED
  
  #10 exporting to image
  #10 exporting layers done
  #10 writing image sha256:4832bd12bb93a6e49c3f0f3735181fd437f19f59b932a36ca37bc517dfdeb8a4 done
  #10 naming to docker.io/library/todo-nodejs-mongo-aca-api done
  #10 DONE 0.0s

  ───────────────────────────────────────────────────────────────────────────────────────────────────────────2023/12/21 23:47:40 command_runner.go:307: Run exec: 'docker build -f ./Dockerfile --platform linux/amd64 -t todo-nodejs-mongo-aca-api . --iidfile /tmp/azd-docker-build604712320/imgId' , exit code: 0
-------------------------------------stderr-------------------------------------------
#0 building with "default" instance using docker driver

#1 [internal] load .dockerignore
#1 transferring context: 91B done
#1 DONE 0.0s

#2 [internal] load build definition from Dockerfile
#2 transferring dockerfile: 150B done
#2 DONE 0.0s

#3 [internal] load metadata for docker.io/library/node:18.17-alpine
#3 DONE 0.4s

#4 [1/5] FROM docker.io/library/node:18.17-alpine@sha256:3482a20c97e401b56ac50ba8920cc7b5b2022bfc6aa7d4e4c231755770cf892f
#4 DONE 0.0s

#5 [internal] load build context
#5 transferring context: 1.11kB done
#5 DONE 0.0s

#6 [4/5] RUN npm ci
#6 CACHED

#7 [2/5] WORKDIR /app
  |=      | Deploying service api2023/12/21 23:47:40 framework_service_docker.go:239: built image sha256:4832bd12bb93a6e49c3f0f3735181fd437f19f59b932a36ca37bc517dfdeb8a4 for api
2023/12/21 23:47:40 framework_service_docker.go:272: tagging image sha256:4832bd12bb93a6e49c3f0f3735181fd437f19f59b932a36ca37bc517dfdeb8a4 as todo-nodejs-mongo-aca/api-dfberry-todo-nodejs-mongo-azd:azd-deploy-1703202460
  |      =| Deploying service api (Tagging Docker image)2023/12/21 23:47:40 command_runner.go:307: Run exec: 'docker tag sha256:4832bd12bb93a6e49c3f0f3735181fd437f19f59b932a36ca37bc517dfdeb8a4 todo-nodejs-mongo-aca/api-dfberry-todo-nodejs-mongo-azd:azd-deploy-1703202460' , exit code: 0
  |       | Deploying service api (Tagging Docker image)2023/12/21 23:47:40 main.go:48: Retry: =====> Try=1
2023/12/21 23:47:40 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/resourcegroups?%24filter=REDACTED&api-version=2021-04-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armresources/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 9f74fbcbd2579a2c20cfd9149d9a7d94

  |=      | Deploying service api (Tagging Docker image)2023/12/21 23:47:40 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/199.791417ms, OpTime=199.846333ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/resourcegroups?%24filter=REDACTED&api-version=2021-04-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armresources/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 9f74fbcbd2579a2c20cfd9149d9a7d94
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Thu, 21 Dec 2023 23:47:40 GMT
   Expires: -1
   Pragma: no-cache
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: 9f74fbcbd2579a2c20cfd9149d9a7d94
   X-Ms-Ratelimit-Remaining-Subscription-Reads: REDACTED
   X-Ms-Request-Id: 22113373-f27a-4939-930c-dd15fc0d15e5
   X-Ms-Routing-Request-Id: REDACTED

2023/12/21 23:47:40 main.go:48: Retry: response 200
2023/12/21 23:47:40 main.go:48: Retry: exit due to non-retriable status code
2023/12/21 23:47:40 main.go:48: Retry: =====> Try=1
2023/12/21 23:47:40 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/resourceGroups/rg-dfberry-todo-nodejs-mongo-azd/resources?%24filter=REDACTED&api-version=2021-04-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armresources/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 9f74fbcbd2579a2c20cfd9149d9a7d94

  |==     | Deploying service api (Tagging Docker image)2023/12/21 23:47:40 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/237.016709ms, OpTime=237.076709ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/resourceGroups/rg-dfberry-todo-nodejs-mongo-azd/resources?%24filter=REDACTED&api-version=2021-04-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armresources/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 9f74fbcbd2579a2c20cfd9149d9a7d94
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Thu, 21 Dec 2023 23:47:40 GMT
   Expires: -1
   Pragma: no-cache
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: 9f74fbcbd2579a2c20cfd9149d9a7d94
   X-Ms-Ratelimit-Remaining-Subscription-Reads: REDACTED
   X-Ms-Request-Id: c212d6da-7242-45e6-a90b-3b3ce65b5b6b
   X-Ms-Routing-Request-Id: REDACTED

2023/12/21 23:47:40 main.go:48: Retry: response 200
2023/12/21 23:47:40 main.go:48: Retry: exit due to non-retriable status code
  |      =| Deploying service api (Tagging container image)2023/12/21 23:47:40 command_runner.go:307: Run exec: 'docker tag todo-nodejs-mongo-aca/api-dfberry-todo-nodejs-mongo-azd:azd-deploy-1703202460 crgvgc3iyhqkxo6.azurecr.io/todo-nodejs-mongo-aca/api-dfberry-todo-nodejs-mongo-azd:azd-deploy-1703202460' , exit code: 0
2023/12/21 23:47:40 container_helper.go:162: logging into container registry 'crgvgc3iyhqkxo6.azurecr.io'
  |      =| Deploying service api (Logging into container registry)2023/12/21 23:47:40 main.go:48: Retry: =====> Try=1
2023/12/21 23:47:40 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   POST https://crgvgc3iyhqkxo6.azurecr.io/oauth2/exchange
   Content-Type: application/x-www-form-urlencoded
   User-Agent: azsdk-go-azd-acr/1.5.1 (commit 3856d1e98281683b8d112e222c0a7c7b3e148e96) (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: REDACTED

  |====   | Deploying service api (Logging into container registry)2023/12/21 23:47:41 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/991.327667ms, OpTime=991.353209ms) -- RESPONSE RECEIVED
   POST https://crgvgc3iyhqkxo6.azurecr.io/oauth2/exchange
   Content-Type: application/x-www-form-urlencoded
   User-Agent: azsdk-go-azd-acr/1.5.1 (commit 3856d1e98281683b8d112e222c0a7c7b3e148e96) (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: REDACTED
   --------------------------------------------------------------------------------
   RESPONSE Status: 401 Unauthorized
   Connection: keep-alive
   Content-Length: 0
   Date: Thu, 21 Dec 2023 23:47:41 GMT
   Server: openresty
   Strict-Transport-Security: REDACTED
   X-Ms-Correlation-Request-Id: REDACTED
   X-Ms-Ratelimit-Remaining-Calls-Per-Second: REDACTED

2023/12/21 23:47:41 main.go:48: Retry: response 401
2023/12/21 23:47:41 main.go:48: Retry: exit due to non-retriable status code
2023/12/21 23:47:41 container_registry.go:121: failed getting ACR token credentials: failed getting ACR token: POST https://crgvgc3iyhqkxo6.azurecr.io/oauth2/exchange
--------------------------------------------------------------------------------
RESPONSE 401: 401 Unauthorized
ERROR CODE UNAVAILABLE
--------------------------------------------------------------------------------
Response contained no body
--------------------------------------------------------------------------------

2023/12/21 23:47:41 main.go:48: Retry: =====> Try=1
2023/12/21 23:47:41 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/providers/Microsoft.ContainerRegistry/registries?api-version=2022-02-01-preview
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armcontainerregistry/v0.6.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 9f74fbcbd2579a2c20cfd9149d9a7d94

  |=====  | Deploying service api (Logging into container registry)2023/12/21 23:47:41 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/127.950333ms, OpTime=128.064292ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/providers/Microsoft.ContainerRegistry/registries?api-version=2022-02-01-preview
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armcontainerregistry/v0.6.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 9f74fbcbd2579a2c20cfd9149d9a7d94
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Api-Supported-Versions: REDACTED
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Thu, 21 Dec 2023 23:47:41 GMT
   Expires: -1
   Pragma: no-cache
   Server: Kestrel
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: 9f74fbcbd2579a2c20cfd9149d9a7d94
   X-Ms-Ratelimit-Remaining-Subscription-Reads: REDACTED
   X-Ms-Request-Id: 982efdcd-c194-4bba-8ea3-4c44356230d0
   X-Ms-Routing-Request-Id: REDACTED

2023/12/21 23:47:41 main.go:48: Retry: response 200
2023/12/21 23:47:41 main.go:48: Retry: exit due to non-retriable status code
  (x) Failed: Deploying service api

ERROR: failed deploying service 'api': failing invoking action 'deploy', failed logging into container registry, token: failed getting ACR token: POST https://crgvgc3iyhqkxo6.azurecr.io/oauth2/exchange
--------------------------------------------------------------------------------
RESPONSE 401: 401 Unauthorized
ERROR CODE UNAVAILABLE
--------------------------------------------------------------------------------
Response contained no body
--------------------------------------------------------------------------------
, admin: admin user is not enabled for container registry 'crgvgc3iyhqkxo6'
TraceID: 9f74fbcbd2579a2c20cfd9149d9a7d94

@dfberry
Copy link
Author

dfberry commented Dec 22, 2023

Requested to try following options:

  1. update container app bicep file to enable admin access - follow PR linked above.
  2. In Azure portal, go to Entra Id for my tenant and create a new user as owner which would use the tenant email (like @tenantname.onmicrosoft.com) That user will require 2FA and will have no issue deploying with no admin access.
  3. Log in to azd with --tenant-id.

I started with #3 because that was the easiest. It failed.

node ➜ /workspaces/todo-nodejs-mongo-aca (main) $ azd auth login --tenant-id 51397421-87d6-42c1-8bab-98305329d75c --debug
2023/12/22 16:30:34 main.go:54: azd version: 1.5.1 (commit 3856d1e98281683b8d112e222c0a7c7b3e148e96)
2023/12/22 16:30:34 main.go:208: using cached latest version: 1.5.1 (expires on: 2023-12-23T16:21:41Z)
2023/12/22 16:30:34 project.go:113: Reading project from file '/workspaces/todo-nodejs-mongo-aca/azure.yaml'
2023/12/22 16:30:34 cobra_builder.go:141: Resolved action 'azd-auth-login-action'
2023/12/22 16:30:34 middleware.go:124: running middleware 'debug'
2023/12/22 16:30:34 middleware.go:124: running middleware 'experimentation'
2023/12/22 16:30:34 experimentation.go:42: assignment context: initflow_c:78272;0g5ad841:76970;
2023/12/22 16:30:34 middleware.go:124: running middleware 'telemetry'
2023/12/22 16:30:34 telemetry.go:50: TraceID: 06ef2a70afac3aa47d808444e69111ce
2023/12/22 16:30:35 command_runner.go:307: Run exec: '/vscode/vscode-server/bin/linux-arm64/0ee08df0cf4527e40edc9aa28f4b5bd38bbff2b2/bin/helpers/browser.sh https://login.microsoftonline.com/51397421-87d6-42c1-8bab-98305329d75c/oauth2/v2.0/authorize?client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&code_challenge=WRwi4B8vOTDhi-0lbLfNujbWMk-x2cDPzDzRBuAhprI&code_challenge_method=S256&prompt=select_account&redirect_uri=http%3A%2F%2Flocalhost%3A35515&response_type=code&scope=https%3A%2F%2Fmanagement.azure.com%2F%2F.default+openid+offline_access+profile&state=<redacted>' , exit code: 0
  |       | Retrieving subscriptions...2023/12/22 16:30:47 main.go:48: Retry: =====> Try=1
2023/12/22 16:30:47 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/tenants?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)

  |==     | Retrieving subscriptions...2023/12/22 16:30:47 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/285.425625ms, OpTime=285.452ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/tenants?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Fri, 22 Dec 2023 16:30:47 GMT
   Expires: -1
   Pragma: no-cache
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: REDACTED
   X-Ms-Ratelimit-Remaining-Tenant-Reads: REDACTED
   X-Ms-Request-Id: d0ac482f-1eda-4412-8476-e5df497202ba
   X-Ms-Routing-Request-Id: REDACTED

2023/12/22 16:30:47 main.go:48: Retry: response 200
2023/12/22 16:30:47 main.go:48: Retry: exit due to non-retriable status code
2023/12/22 16:30:47 main.go:48: Retry: =====> Try=1
2023/12/22 16:30:47 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)

2023/12/22 16:30:47 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/79.4155ms, OpTime=79.498917ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Fri, 22 Dec 2023 16:30:47 GMT
   Expires: -1
   Pragma: no-cache
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: REDACTED
   X-Ms-Ratelimit-Remaining-Tenant-Reads: REDACTED
   X-Ms-Request-Id: 6213a007-11a6-48a7-a98d-54a0f32c42f4
   X-Ms-Routing-Request-Id: REDACTED

2023/12/22 16:30:47 main.go:48: Retry: response 200
2023/12/22 16:30:47 main.go:48: Retry: exit due to non-retriable status code
2023/12/22 16:30:47 main.go:48: Retry: =====> Try=1
2023/12/22 16:30:47 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)

  |===    | Retrieving subscriptions...2023/12/22 16:30:47 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/63.609792ms, OpTime=63.699626ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Fri, 22 Dec 2023 16:30:47 GMT
   Expires: -1
   Pragma: no-cache
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: REDACTED
   X-Ms-Ratelimit-Remaining-Tenant-Reads: REDACTED
   X-Ms-Request-Id: c1e9a42c-41ab-431e-8bb6-c2b2a56e25b9
   X-Ms-Routing-Request-Id: REDACTED

2023/12/22 16:30:47 main.go:48: Retry: response 200
2023/12/22 16:30:47 main.go:48: Retry: exit due to non-retriable status code
2023/12/22 16:30:47 main.go:48: Retry: =====> Try=1
2023/12/22 16:30:47 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)

2023/12/22 16:30:47 main.go:48: Retry: =====> Try=1
2023/12/22 16:30:47 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)

2023/12/22 16:30:47 main.go:48: Retry: =====> Try=1
2023/12/22 16:30:47 main.go:48: Retry: =====> Try=1
2023/12/22 16:30:47 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)

2023/12/22 16:30:47 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/53.560875ms, OpTime=53.648375ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Fri, 22 Dec 2023 16:30:47 GMT
   Expires: -1
   Pragma: no-cache
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: REDACTED
   X-Ms-Ratelimit-Remaining-Tenant-Reads: REDACTED
   X-Ms-Request-Id: a3c64d32-323f-4433-9c42-cd8f1e2b9eef
   X-Ms-Routing-Request-Id: REDACTED

2023/12/22 16:30:47 main.go:48: Retry: response 200
2023/12/22 16:30:47 main.go:48: Retry: exit due to non-retriable status code
2023/12/22 16:30:47 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)

2023/12/22 16:30:47 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/47.604333ms, OpTime=47.691583ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Fri, 22 Dec 2023 16:30:47 GMT
   Expires: -1
   Pragma: no-cache
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: REDACTED
   X-Ms-Ratelimit-Remaining-Tenant-Reads: REDACTED
   X-Ms-Request-Id: 339ff912-cb96-485e-af72-a0b8bd0fe3a7
   X-Ms-Routing-Request-Id: REDACTED

2023/12/22 16:30:47 main.go:48: Retry: response 200
2023/12/22 16:30:47 main.go:48: Retry: exit due to non-retriable status code
2023/12/22 16:30:47 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/57.343083ms, OpTime=57.379958ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Fri, 22 Dec 2023 16:30:47 GMT
   Expires: -1
   Pragma: no-cache
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: REDACTED
   X-Ms-Ratelimit-Remaining-Tenant-Reads: REDACTED
   X-Ms-Request-Id: 96c6400d-0d63-4efb-8e50-ae8453c3b121
   X-Ms-Routing-Request-Id: REDACTED

2023/12/22 16:30:47 main.go:48: Retry: response 200
2023/12/22 16:30:47 main.go:48: Retry: exit due to non-retriable status code
  |====   | Retrieving subscriptions...2023/12/22 16:30:47 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/119.494291ms, OpTime=119.580583ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions?api-version=2021-01-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armsubscriptions/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Fri, 22 Dec 2023 16:30:47 GMT
   Expires: -1
   Pragma: no-cache
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: REDACTED
   X-Ms-Ratelimit-Remaining-Tenant-Reads: REDACTED
   X-Ms-Request-Id: db760cf8-1637-4e50-9eab-fdbe5c830fc8
   X-Ms-Routing-Request-Id: REDACTED

2023/12/22 16:30:47 main.go:48: Retry: response 200
2023/12/22 16:30:47 main.go:48: Retry: exit due to non-retriable status code
Logged in to Azure.
node ➜ /workspaces/todo-nodejs-mongo-aca (main) $ azd deploy --debug
2023/12/22 16:30:56 main.go:54: azd version: 1.5.1 (commit 3856d1e98281683b8d112e222c0a7c7b3e148e96)
2023/12/22 16:30:56 main.go:208: using cached latest version: 1.5.1 (expires on: 2023-12-23T16:21:41Z)
2023/12/22 16:30:56 project.go:113: Reading project from file '/workspaces/todo-nodejs-mongo-aca/azure.yaml'
2023/12/22 16:30:56 cobra_builder.go:141: Resolved action 'azd-deploy-action'
2023/12/22 16:30:56 middleware.go:124: running middleware 'debug'
2023/12/22 16:30:56 middleware.go:124: running middleware 'experimentation'
2023/12/22 16:30:56 experimentation.go:42: assignment context: initflow_c:78272;0g5ad841:76970;
2023/12/22 16:30:56 middleware.go:124: running middleware 'telemetry'
2023/12/22 16:30:56 telemetry.go:50: TraceID: 4a86313c0c815ed550d40933eee3b766
2023/12/22 16:30:56 middleware.go:124: running middleware 'hooks'
2023/12/22 16:30:56 hooks.go:156: service 'api' does not require any command hooks.
2023/12/22 16:30:56 hooks.go:156: service 'web' does not require any command hooks.
2023/12/22 16:30:56 hooks.go:85: azd project is not available or does not contain any command hooks, skipping command hook registrations.
2023/12/22 16:30:56 command_runner.go:307: Run exec: 'docker --version' , exit code: 0
-------------------------------------stdout-------------------------------------------
Docker version 24.0.7-1, build afdd53b4e341be38d2056a42113b938559bb1d94
2023/12/22 16:30:56 docker.go:260: docker version: Docker version 24.0.7-1, build afdd53b4e341be38d2056a42113b938559bb1d94
2023/12/22 16:30:56 docker.go:191: determining version from docker --version string: Docker version 24.0.7-1, build afdd53b4e341be38d2056a42113b938559bb1d94
2023/12/22 16:30:56 docker.go:203: extracted docker version: 24.0.7-1, build: afdd53b4e341be38d2056a42113b938559bb1d94 from version string
2023/12/22 16:30:56 ensure.go:47: Skipping install check for 'Docker'. It was previously confirmed.

Deploying services (azd deploy)

  |       | Deploying service api2023/12/22 16:30:56 framework_service_docker.go:174: building image for service api, cwd: /workspaces/todo-nodejs-mongo-aca/src/api, path: ./Dockerfile, context: ., buildArgs: [])
  Deploying service api (Building Docker image)

  ───────── Docker Output ───────────────────────────────────────────────────────────────────────────────────

  #9 [5/5] RUN npm run build
  #9 CACHED
  
  #10 exporting to image
  #10 exporting layers done
  #10 writing image sha256:4832bd12bb93a6e49c3f0f3735181fd437f19f59b932a36ca37bc517dfdeb8a4 done
  #10 naming to docker.io/library/todo-nodejs-mongo-aca-api done
  #10 DONE 0.0s

  ───────────────────────────────────────────────────────────────────────────────────────────────────────────2023/12/22 16:30:57 command_runner.go:307: Run exec: 'docker build -f ./Dockerfile --platform linux/amd64 -t todo-nodejs-mongo-aca-api . --iidfile /tmp/azd-docker-build1945724790/imgId' , exit code: 0
-------------------------------------stderr-------------------------------------------
#0 building with "default" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 DONE 0.0s

#2 [internal] load .dockerignore
#2 transferring context: 91B done
#2 DONE 0.0s

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 150B done
#1 DONE 0.0s

#3 [internal] load metadata for docker.io/library/node:18.17-alpine
#3 DONE 0.8s

#4 [1/5] FROM docker.io/library/node:18.17-alpine@sha256:3482a20c97e401b56ac50ba8920cc7b5b2022bfc6aa7d4e4c231755770cf892f
#4 DONE 0.0s

#5 [internal] load build context
#5 transferring context: 1.11kB 0.0s done
#5 DONE 0.0s

#6 [2/5] WORKDIR /app
#6 CACHED

#7 [3/5] COPY . .
  |=      | Deploying service api2023/12/22 16:30:57 framework_service_docker.go:239: built image sha256:4832bd12bb93a6e49c3f0f3735181fd437f19f59b932a36ca37bc517dfdeb8a4 for api
2023/12/22 16:30:57 framework_service_docker.go:272: tagging image sha256:4832bd12bb93a6e49c3f0f3735181fd437f19f59b932a36ca37bc517dfdeb8a4 as todo-nodejs-mongo-aca/api-dfberry-todo-nodejs-mongo-azd:azd-deploy-1703262657
  |      =| Deploying service api (Tagging Docker image)2023/12/22 16:30:57 command_runner.go:307: Run exec: 'docker tag sha256:4832bd12bb93a6e49c3f0f3735181fd437f19f59b932a36ca37bc517dfdeb8a4 todo-nodejs-mongo-aca/api-dfberry-todo-nodejs-mongo-azd:azd-deploy-1703262657' , exit code: 0
  |       | Deploying service api (Tagging Docker image)2023/12/22 16:30:58 main.go:48: Retry: =====> Try=1
2023/12/22 16:30:58 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/resourcegroups?%24filter=REDACTED&api-version=2021-04-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armresources/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 4a86313c0c815ed550d40933eee3b766

  |=      | Deploying service api (Tagging Docker image)2023/12/22 16:30:58 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/240.935709ms, OpTime=241.042584ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/resourcegroups?%24filter=REDACTED&api-version=2021-04-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armresources/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 4a86313c0c815ed550d40933eee3b766
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Fri, 22 Dec 2023 16:30:57 GMT
   Expires: -1
   Pragma: no-cache
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: 4a86313c0c815ed550d40933eee3b766
   X-Ms-Ratelimit-Remaining-Subscription-Reads: REDACTED
   X-Ms-Request-Id: bf6dfafa-b881-4932-9988-bdfcea932f3e
   X-Ms-Routing-Request-Id: REDACTED

2023/12/22 16:30:58 main.go:48: Retry: response 200
2023/12/22 16:30:58 main.go:48: Retry: exit due to non-retriable status code
2023/12/22 16:30:58 main.go:48: Retry: =====> Try=1
2023/12/22 16:30:58 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/resourceGroups/rg-dfberry-todo-nodejs-mongo-azd/resources?%24filter=REDACTED&api-version=2021-04-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armresources/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 4a86313c0c815ed550d40933eee3b766

  |===    | Deploying service api (Tagging Docker image)2023/12/22 16:30:58 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/237.197833ms, OpTime=237.28575ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/resourceGroups/rg-dfberry-todo-nodejs-mongo-azd/resources?%24filter=REDACTED&api-version=2021-04-01
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armresources/v1.0.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 4a86313c0c815ed550d40933eee3b766
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Fri, 22 Dec 2023 16:30:57 GMT
   Expires: -1
   Pragma: no-cache
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: 4a86313c0c815ed550d40933eee3b766
   X-Ms-Ratelimit-Remaining-Subscription-Reads: REDACTED
   X-Ms-Request-Id: b267c669-456d-4367-8192-c388cabebe46
   X-Ms-Routing-Request-Id: REDACTED

2023/12/22 16:30:58 main.go:48: Retry: response 200
2023/12/22 16:30:58 main.go:48: Retry: exit due to non-retriable status code
  |      =| Deploying service api (Tagging container image)2023/12/22 16:30:58 command_runner.go:307: Run exec: 'docker tag todo-nodejs-mongo-aca/api-dfberry-todo-nodejs-mongo-azd:azd-deploy-1703262657 crgvgc3iyhqkxo6.azurecr.io/todo-nodejs-mongo-aca/api-dfberry-todo-nodejs-mongo-azd:azd-deploy-1703262657' , exit code: 0
2023/12/22 16:30:58 container_helper.go:162: logging into container registry 'crgvgc3iyhqkxo6.azurecr.io'
  |      =| Deploying service api (Logging into container registry)2023/12/22 16:30:58 main.go:48: Retry: =====> Try=1
2023/12/22 16:30:58 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   POST https://crgvgc3iyhqkxo6.azurecr.io/oauth2/exchange
   Content-Type: application/x-www-form-urlencoded
   User-Agent: azsdk-go-azd-acr/1.5.1 (commit 3856d1e98281683b8d112e222c0a7c7b3e148e96) (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: REDACTED

  |=      | Deploying service api (Logging into container registry)2023/12/22 16:30:59 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/413.798833ms, OpTime=413.853208ms) -- RESPONSE RECEIVED
   POST https://crgvgc3iyhqkxo6.azurecr.io/oauth2/exchange
   Content-Type: application/x-www-form-urlencoded
   User-Agent: azsdk-go-azd-acr/1.5.1 (commit 3856d1e98281683b8d112e222c0a7c7b3e148e96) (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: REDACTED
   --------------------------------------------------------------------------------
   RESPONSE Status: 401 Unauthorized
   Connection: keep-alive
   Content-Length: 0
   Date: Fri, 22 Dec 2023 16:30:59 GMT
   Server: openresty
   Strict-Transport-Security: REDACTED
   X-Ms-Correlation-Request-Id: REDACTED
   X-Ms-Ratelimit-Remaining-Calls-Per-Second: REDACTED

2023/12/22 16:30:59 main.go:48: Retry: response 401
2023/12/22 16:30:59 main.go:48: Retry: exit due to non-retriable status code
2023/12/22 16:30:59 container_registry.go:121: failed getting ACR token credentials: failed getting ACR token: POST https://crgvgc3iyhqkxo6.azurecr.io/oauth2/exchange
--------------------------------------------------------------------------------
RESPONSE 401: 401 Unauthorized
ERROR CODE UNAVAILABLE
--------------------------------------------------------------------------------
Response contained no body
--------------------------------------------------------------------------------

2023/12/22 16:30:59 main.go:48: Retry: =====> Try=1
2023/12/22 16:30:59 main.go:48: Request: ==> OUTGOING REQUEST (Try=1)
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/providers/Microsoft.ContainerRegistry/registries?api-version=2022-02-01-preview
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armcontainerregistry/v0.6.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 4a86313c0c815ed550d40933eee3b766

  |==     | Deploying service api (Logging into container registry)2023/12/22 16:30:59 main.go:48: Response: ==> REQUEST/RESPONSE (Try=1/296.133292ms, OpTime=296.20275ms) -- RESPONSE RECEIVED
   GET https://management.azure.com/subscriptions/b57b253a-e19e-4a9c-a0c0-a5062910a749/providers/Microsoft.ContainerRegistry/registries?api-version=2022-02-01-preview
   Accept: application/json
   Authorization: REDACTED
   User-Agent: azsdk-go-armcontainerregistry/v0.6.0 (go1.21.0 X:loopvar; linux),azdev/1.5.1 (Go go1.21.0 X:loopvar; linux/arm64)
   X-Ms-Correlation-Request-Id: 4a86313c0c815ed550d40933eee3b766
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Api-Supported-Versions: REDACTED
   Cache-Control: no-cache
   Content-Type: application/json; charset=utf-8
   Date: Fri, 22 Dec 2023 16:30:58 GMT
   Expires: -1
   Pragma: no-cache
   Server: Kestrel
   Strict-Transport-Security: REDACTED
   Vary: REDACTED
   X-Content-Type-Options: REDACTED
   X-Ms-Correlation-Request-Id: 4a86313c0c815ed550d40933eee3b766
   X-Ms-Ratelimit-Remaining-Subscription-Reads: REDACTED
   X-Ms-Request-Id: e61f74c4-9283-44d8-90f6-4777c81ecc5b
   X-Ms-Routing-Request-Id: REDACTED

2023/12/22 16:30:59 main.go:48: Retry: response 200
2023/12/22 16:30:59 main.go:48: Retry: exit due to non-retriable status code
  (x) Failed: Deploying service api

ERROR: failed deploying service 'api': failing invoking action 'deploy', failed logging into container registry, token: failed getting ACR token: POST https://crgvgc3iyhqkxo6.azurecr.io/oauth2/exchange
--------------------------------------------------------------------------------
RESPONSE 401: 401 Unauthorized
ERROR CODE UNAVAILABLE
--------------------------------------------------------------------------------
Response contained no body
--------------------------------------------------------------------------------
, admin: admin user is not enabled for container registry 'crgvgc3iyhqkxo6'
TraceID: 4a86313c0c815ed550d40933eee3b766

@dfberry
Copy link
Author

dfberry commented Dec 22, 2023

This is the change that fixed it for me.

resource containerRegistry 'Microsoft.ContainerRegistry/registries@2023-07-01' = {
  name: replace('acr-${resourceToken}', '-', '')
  location: location
  sku: {
    name: 'Basic'
  }
  // 👇👇👇 This property should be added
  properties: {
    adminUserEnabled: true
  }
  // 👆👆👆 This property should be added
  tags: tags
}

@chien110234 chien110234 mentioned this issue Dec 26, 2023
Closed
@rajeshkamal5050
Copy link

@vhvb1989 @ellismg should we also enable adminUserEnabled for our templates?

@rajeshkamal5050 rajeshkamal5050 added this to the Backlog milestone Jan 5, 2024
@rajeshkamal5050 rajeshkamal5050 added aca Azure Container Apps authn labels Jan 5, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the needs-team-attention Issues out of a milestone label Jan 5, 2024
@rajeshkamal5050 rajeshkamal5050 added bug Something isn't working and removed needs-team-attention Issues out of a milestone labels Jan 5, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the needs-team-attention Issues out of a milestone label Jan 5, 2024
@ellismg
Copy link
Member

ellismg commented Jan 5, 2024

@vhvb1989 @ellismg should we also enable adminUserEnabled for our templates?

We might as well do this until the underlying issue that prevents a co-administrator from exchanging their AAD token for a token that can do the push is fixed (Azure/acr#723).

We might also consider improving the error message here. We might be able to check if the current principal has "Owner" permissions granted on the ACA.

Long term it would be good to keep this adminUserEnabled property as "false" and push folks towards RBAC. It's unfortunate that presently accounts created before some point in time behave differently than expected because you are not granted Owner at the correct scope.

ellismg added a commit to ellismg/azure-dev that referenced this issue Jan 6, 2024
@ellismg
Enable admin user for registry in ACA sample
1300fed 
This enables the admin user on the provisioned container registry so
that `azd` can connect to it to push even if RBAC is not working
because the user is not anowner of the resource.  We've seen cases
where users who's accounts where created a long while back are set as
[classic adminisrators](https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators)
and not Owners on their accounts and ther is presently a service issue
that prevents these users from exchanging their AAD creds for an
access token.

Fixes Azure#3157
@ellismg ellismg mentioned this issue Jan 6, 2024
Merged
ellismg added a commit that referenced this issue Jan 9, 2024
@ellismg
Enable admin user for registry in ACA sample (#3178)
ffacf72 
This enables the admin user on the provisioned container registry so
that `azd` can connect to it to push even if RBAC is not working
because the user is not an owner of the resource.  We've seen cases
where users who's accounts where created a long while back are set as
[classic administrators](https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators)
and not Owners on their accounts and there is presently a service issue
that prevents these users from exchanging their AAD creds for an
access token.

Fixes #3157
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
aca Azure Container Apps authn bug Something isn't working customer-reported identify a customer issue needs-team-attention Issues out of a milestone question
Projects
None yet
Milestone
Backlog
Development

Successfully merging a pull request may close this issue.

Enable admin user for registry in ACA sample ellismg/azure-dev
4 participants
@dfberry @ellismg @rajeshkamal5050 @vhvb1989